This authentication mode attempts to authenticate users against two directories if the need arises. When users first log in, they are authenticated against the LDAP directory. If this authentication fails, the login information is sent to the Cisco Unified MeetingPlace Audio Server for a possible match. This behavior allows a company to give non-LDAP users, such as guests or contractors, access to Cisco Unified MeetingPlace.

Before configuring this authentication mode, keep the following points in mind:

To authenticate Cisco Unified MeetingPlace Web Conferencing against the LDAP server, make sure that the LDAP server directory is designed to have all users in one container rather than broken into multiple containers (each representing a child OU).

If a match is made in the LDAP database, the user must provide the proper LDAP password. Three attempts with the incorrect password will lock the LDAP profile of the user.

Only users who are not found in the LDAP directory are eligible for authentication through the Cisco Unified MeetingPlace directory.

For "LDAP Distinguished Name (DN)," enter the DN information for your directory.

Note: All users in the LDAP server directory must be in one container rather than broken into multiple containers each representing a child OU.

Example

CN= %USERNAME% , OU=People, DC=mydomain, DC=com

If the LDAP server that is being used is the LDAP interface on a Microsoft Active Directory server, leave the DN field blank (empty) for authentication to work. When configured in this manner, the format of the usernames that the user enters must be DOMAIN\USER or user@ou.domain.com.

%USERNAME% is the username that the user enters when logging in.

Before sending the request to the LDAP server %USERNAME% is replaced with the username that the user types in the login username field. No additional modifications are made to the DN value.